Award-winning news, views, and insight from the ESET security community

Mt Gox site code “posted online” as exchange admits $500m in bitcoin is lost

Bitcoin exchange Mt Gox has admitted that nearly $500 million in bitcoin has “disappeared”, in a new statement posted online - as chunks of computer code have appeared on Pastebin which appear to be part of the backend for the site.

Bitcoin exchange Mt Gox has admitted that nearly $500 million in bitcoin has “disappeared”, in a new statement posted online – as chunks of computer code have appeared on Pastebin which appear to be part of the backend for the site.

Bitcoin exchange Mt Gox has admitted that nearly $500 million in bitcoin has “disappeared”, in a new statement posted online, blaming abuse of a bug in the system. Chunks of computer code have appeared on Pastebin which appear to be part of the backend for the exchange, which would tally with CEO Mark Karpele’s claims that the site was hacked, according to Ars Technica.

The exchange, which filed for bankruptcy protection on Friday, posted a new message to its site on Monday, saying that bitcoins had been “illicitly moved through the abuse of a bug”, and that “Although the complete extent is not yet known, we found that approximately 750,000 bitcoins deposited by users and approximately 100,000 bitcoins belonging to us had disappeared.”

According to TechCrunch’s report, that amounts to a total loss of $500 million in bitcoin.

Ars Technica reports that a chunk of PHP code posted to the website Pastebin appears to originate from Mt Gox, and tally with CEO Mark Karpeles’ claims that the site was hacked. “The block of PHP code appears to be part of the backend for MtGox’s Bitcoin exchange site, and it includes references to IP addresses registered to Karpeles’ Web hosting and consulting company, Tibanne,” Ars Technica’s Sean Gallagher writes.

The site’s statement says, “At the start of February 2014, illegal access through the abuse of a bug in the bitcoin system resulted in an increase in incomplete bitcoin transfer transactions and we discovered that there was a possibility that bitcoins had been illicitly moved through the abuse of this bug. We believe that there is a high probability that these bitcoins were stolen as a result of an abuse of this bug and we have asked an expert to look at the possibility of a criminal complaint and undertake proper procedures.”

Users of the site are still finding it difficult to contact tthe company, according to The Register’s report – with calls to the call centre set up to deal with queries about investments going unanswered, or being answered by non-English speakers who refused to speak to the site’s reporter.

Wired today claimed that many of the company’s troubles could be traced to its CEO, Mark Karpeles, quoting unnamed “insiders” who described Karpeles as more of a computer coder than a CEO. One company insider, speaking to Wired on condition of anonymity, said, “Mark liked the idea of being CEO, but the day-to-day reality bored him.”

The company’s website was taken offline last week, shortly after a statement was published online by digital wallet company Coinbase, denouncing Mt Gox, and endorsed by other leading Bitcoin exchanges, saying, “ As with any new industry, there are certain bad actors that need to be weeded out, and that is what we are seeing today. Mtgox has confirmed its issues in private discussions with other members of the bitcoin community.”

Rumours had circulated that the company faced insolvency after it halted withdrawals earlier this year, according to Bloomberg Businessweek. The company had halted withdrawals after what it described as ‘unusual activity’.